Graudit is a simple script with signature sets that lets you find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.
25ed4c4c97f26a3df2dd64a41c356940753751abc3e5c7c9e0d7b682495221d9
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork of Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
862e155c97737770baa26ffedf324a7fa255b757c85b0c9a6f312264f2ca29c5
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
17eb30ef4d91991b265d5d93ab7f4ad6b58d43061a46ba3292142b962be95f7d
erfs is an easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server. The client is a bash script. The cloud server is provided by THC for free (as in free beer!). There is no limit per user, no limit on the number of file systems, and no limit on how many locations can access the same file system simultaneously. It supports collaboration, and the same filesystem can be accessed from different computers at the same time. The data is securely and seamlessly synchronized. The server has no knowledge of the content. A rogue server operator cannot access the data. All key material is created on the user's computer and never stored or transferred to the server.
acabf88a256ecdeddf175c24b4263b0d4b660b4cd2c60eb52dccc56cdcbf11cf
This paper is a collection of THC's favorite tricks. Many of these tricks are not their own; they merely collect them. They show the tricks as-is, without any explanation of why they work. You need to know Linux to understand how and why they work.
07ddd32f849e88cecb82baf3b3250a7eb1c7d1d4a8c6cc06db0ab498817a4eb2
This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against 12.2.1.3.0 from Vulhub (Linux) and on Windows. Warning! Multiple sessions may be created by exploiting this vuln.
6c879a4e9e6dc2c3ad319ed39819005bbf1975b59feee6d511f7f1140f97fd91
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
32bac618c807d5f960f68dd20d1a1b3988f4033d5535daa8ffcd26fca4a4dc43
Ubuntu Security Notice 4638-1 - It was discovered that c-ares incorrectly handled certain DNS requests. An attacker could possibly use this issue to cause a denial of service.
22de1321f37779e2a2d90f916ad60679e84d0748afd9a717f50205a77a95bd19
TCMalloc is an inspection tool that lets you parse and inspect tcmalloc internals, and detect lost memory, meaning memory which is not reachable via any (internal) pointers.
2b86aa20695ff99c9d185ed04df1ba3584158ebaa73e1ac6836170d8afc84ad0
Sokrates SOWA SowaSQL suffers from a cross site scripting vulnerability. The module SOWA.WWW was fixed in version 4.8.16, whereas the module SOWA.OPAC was fixed in version 5.6.2.
126c83263ec1f977ca3ab7e64bbe290057fbec2da0c2f3bde1d8a8451fe4b9ca
TestBox CFML Test Framework version 4.1.0 suffers from arbitrary file write and remote code execution vulnerabilities.
233c49f03cbf8d45807a7927e676676ff08c5611513b7f16a38b6e2269b4f097
TestBox CFML Test Framework version 4.1.0 suffers from a directory traversal vulnerability.
564d7395708184ec2af19cd4ab16e8142690010142bb9ee73b933525fb89b775
Gemtek WVRTM-127ACN version 01.01.02.141 suffers from an authenticated arbitrary command injection vulnerability.
288c20759376d1be2b2201de3eb7d9f660659dd2077eb3c2933919f67608b027
Internet Download Manager version 6.38.12 suffers from a scheduler downloads scheduler buffer overflow vulnerability.
77157f59589b89e5782b1e7180f9a4549ec5495b926d3cc0be053079751dbf39
Nagios Log Server version 2.1.7 suffers from a persistent cross site scripting vulnerability.
a114564a42184343d9c6589e82df2fbc813bb7026cb726f7d8f2579fd2b930db
M/Monit version 3.7.4 suffers from a password disclosure vulnerability.
a92ed4a23d80cabbc2f2973223f9125882573e59be97d5bf20768d3a5a796437
M/Monit version 3.7.4 suffers from a privilege escalation vulnerability.
940af9a4fdd41005d1f80fc80891326898228ca47a2d355adeb0d8951f939180
Gitlab version 12.9.0 authenticated arbitrary file read exploit. A file read vulnerability was previously discovered in this version in May of 2020 by KouroshRZ.
3fa20aa2a7c614b9b11d6fbc0c9ba54d294469d6ed5ae63e80764789e70be637
Fortinet FortiOS version 6.0.4 suffers from an unauthenticated SSL VPN user password modification vulnerability.
f1f2146ee2e6b708b1cc15143c5c2571d40fb33b9a3a20e0b020cbf4fb46d4d6
xuucms version 3 suffers from a remote SQL injection vulnerability.
3f7c39734f1fd0b1e3aa62d608deccf6fa4731ae92cb2cf90e648d407d417e0c
PESCMS TEAM version 2.3.2 suffers from multiple cross site scripting vulnerabilities.
78b604f0c2a46c0ed39c6ce7e7decc2310a9a52f7f58a4dea0be82cd2e47ee5b